Revisions
zhangxiao created this gist
Dec 9, 2013
@@ -0,0 +1,54 @@ #! /bin/bash # Set the default policies to allow everything while we set up new rules. # Prevents cutting yourself off when running from remote SSH. iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT # Flush any existing rules, leaving just the defaults iptables -F # Open port 22 for incoming SSH connections. iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Open 80 & 443 iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT # SMTP #iptables -A INPUT -p tcp --dport 25 -j ACCEPT # POP3 #iptables -A INPUT -p tcp --dport 110 -j ACCEPT # IMAP #iptables -A INPUT -p tcp --dport 143 -j ACCEPT # IMAPS #iptables -A INPUT -p tcp --dport 993 -j ACCEPT # POP3S #iptables -A INPUT -p tcp --dport 995 -j ACCEPT # # Other rules... # # Accept any localhost (loopback) calls. iptables -A INPUT -i lo -j ACCEPT # Allow any existing connection to remain. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Reset the default policies to stop all incoming and forward requests. iptables -P INPUT DROP iptables -P FORWARD DROP # Accept any outbound requests from this server. iptables -P OUTPUT ACCEPT # Save the settings. service iptables save # Allow ping. iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Display the settings. iptables -L -v --line-numbers
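Review bot: `service iptables save` runs before the two ICMP rules under `# Allow ping.` are appended, so the persisted ruleset omits them and echo requests will be dropped by the `INPUT DROP` policy once the saved rules are reloaded; the save should move to after the ping rules. The `iptables -A OUTPUT -p icmp --icmp-type 0 ...` rule has no effect while the OUTPUT policy is ACCEPT and can be removed. The script programs IPv4 only: on a host with IPv6 enabled the ip6tables tables are left as they were, so an equivalent ip6tables ruleset is needed or the services stay reachable over IPv6 outside this policy. There is also no error handling, so a failed `iptables -A INPUT -p tcp --dport 22 -j ACCEPT` would still be followed by `iptables -P INPUT DROP`; adding `set -e` after the shebang stops the run before the policy is tightened.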